In today's technology-driven society, it is often desirable to have secure communications among a large group of members. For such communications, the Internet Engineering Task Force (IETF) has defined three problem areas, namely source authentication, group key management, and group policy distribution. Group key management includes distribution of keys used to encrypt data/communications to enable secure communications while inhibiting undesired access to, and undesired ability to calculate, these keys. Referring to FIG. 1, scalability issues in group key distribution can be addressed in a system 10 using a centralized group manager (GM) 12 that manages the group of members 16 by proxy via subordinate subgroup managers (SGMs) 14.
The GM 12 delegates key management functions to designated SGMs 14. Each SGM 14 distributes keys to members (M) 16 within the SGM's subgroup. Two categories of SGMs are: (1) trusted third-party entities in an infrastructure containing group management entities (the GM 12 and the SGMs 14); and (2) members designated as SGMs. For members as SGMs, the SGM for any member may change during a lifetime of the group or subgroup. If so, the replacement of the SGM may involve very large computational overhead as well as communication overhead. The SGM 14 and each of its members 16 establish a shared secret during initialization of the SGM 14 and when changing SGMs 14. Establishing the shared secret can be performed over a secure channel using asymmetric key operations, with one asymmetric key operation for each member 16 associated with the new SGM 14. Asymmetric key operations use significant computational power (e.g., approximately 1,000-10,000 times more computational power than symmetric operations).